Cannot retrieve session data stored in prior request #32
Comments
Hey, @okunoyuki! Regarding test state, any cookies held by the session should be available from As far as the problem here, I'm not sure exactly what's up. When you have a moment, could you provide a few more details about the implementation and behavior you're seeing?
Thanks in advance!
Thank you for your quick and kind reply! @rjz Looks like we use multiple session-related frameworks (express-session and passport). Maybe we shouldn't use both of them at the same time?
For 2, the _csrf cookie exists in

```js
{ 'cache-control': 'private,no-store,no-cache,must-revalidate,proxy-revalidate',
  pragma: 'no-cache',
  'set-cookie':
   [ '_csrf=XXXXXXXXXXXXXXXXXXXXXXXXXX; Path=/',
     'connect.sid=YYYYYYYYYYYYYYYYYYYYYYY; Path=/; HttpOnly' ],
  'content-type': 'text/html; charset=utf-8',
  'content-length': '1394',
  etag: 'W/"572-LEgv480pG9D7SI5tj94/Zg"',
  date: 'Mon, 29 Jan 2018 23:36:59 GMT',
  connection: 'close' }
```

For 3,
Got it—thanks, @okunoyuki! Depending on what backing store you are using with First thought: since

```js
testSession.get('/login')
  .end(function(err, res) {
    if (err) {
      return done(err);
    }
    testSession.post('/login')
      .type('form')
      .send({
        username: 'xxxxxxxx',
        password: 'xxxxxxxx',
      })
      .end(done);
  });
```

It looks like the session cookie is being attached correctly (you can see it in the HTTP requests, and it should appear in
Thank you! @rjz

@rjz

Awesome, @okunoyuki, I'm glad to hear that it's working! Please do be in touch if you run into any other issues.

having the same issue `const app = require('../../../app.js'); describe('GET /api/csrf-token', () => { describe('POST /api/users/login', () => {
Hi.
My team is struggling to implement CSRF tokens in our Express APIs and run tests correctly.
Our app works well in real browsers, but the tests related to sessions fail.
We added a CSRF secret to the session in a GET request, but we cannot retrieve the secret in the subsequent POST request.
We're trying to figure out whether we're using supertest-session in the wrong way, or something unexpected is happening (e.g. some other Express middleware interferes with the test code).
We also want to know how to access session objects in test code to debug more closely.
We'd appreciate any help!
Problem
`req.session._csrf` in `router.post('/login')` is `undefined`
`_csrf` key is added to `req.session` in `router.get('/login')`.
Test code
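An added example, not part of the original issue, its comments, or supertest-session: a dependency-free model of the GET-then-POST `/login` flow discussed in this thread, showing that the `_csrf` secret stored on the session is only retrievable when the `connect.sid` cookie from the first response is sent back. `store`, `handle`, `Jar` and `loginFlow` are hypothetical names, and the in-memory `Map` is an assumed stand-in for the express-session store.

```javascript
// Added example: plain functions stand in for Express, express-session and supertest-session.
const crypto = require('crypto');

const store = new Map(); // server-side session store (assumed in-memory): sid -> session

// Split "a=1; b=2" (a request Cookie header) into { a: '1', b: '2' }.
function parseCookieHeader(header = '') {
  const out = {};
  for (const pair of header.split(';')) {
    const i = pair.indexOf('=');
    if (i > 0) out[pair.slice(0, i).trim()] = pair.slice(i + 1).trim();
  }
  return out;
}

// Hypothetical stand-in for router.get('/login') and router.post('/login').
function handle(method, cookieHeader) {
  let sid = parseCookieHeader(cookieHeader)['connect.sid'];
  const setCookie = [];
  if (!sid || !store.has(sid)) { // missing or unknown id: start a new, empty session
    sid = crypto.randomBytes(16).toString('hex');
    store.set(sid, {});
    setCookie.push(`connect.sid=${sid}; Path=/; HttpOnly`);
  }
  const session = store.get(sid);
  if (method === 'GET') session._csrf = crypto.randomBytes(16).toString('hex');
  // On POST the secret exists only if the session from the GET was resumed.
  const status = session._csrf ? 200 : 403;
  return { status, csrf: session._csrf, headers: { 'set-cookie': setCookie } };
}

// Minimal cookie jar: keeps name=value from each Set-Cookie line, ignores attributes.
class Jar {
  constructor() { this.cookies = {}; }
  save(res) {
    for (const line of res.headers['set-cookie'] || []) {
      const pair = line.split(';')[0];
      const i = pair.indexOf('=');
      this.cookies[pair.slice(0, i).trim()] = pair.slice(i + 1).trim();
    }
  }
  header() {
    return Object.entries(this.cookies).map(([k, v]) => `${k}=${v}`).join('; ');
  }
}

// GET /login, then POST /login with or without replaying the stored cookies.
function loginFlow(replayCookies) {
  const jar = new Jar();
  jar.save(handle('GET', ''));
  return handle('POST', replayCookies ? jar.header() : '');
}
```

In this model, a fresh `connect.sid` in the `set-cookie` header of the POST response means the server did not recognise the session created by the GET.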